Moderate: Red Hat Satellite 6 security, bug fix, and enhancement update

Synopsis

Moderate: Red Hat Satellite 6 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for Red Hat Satellite 6.6 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

  • rubygem-rack: Buffer size in multipart parser allows for denial of service (CVE-2018-16470)
  • dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632)
  • foreman: authorization bypasses in foreman-tasks leading to information disclosure (CVE-2019-10198)
  • katello: registry credentials are captured in plain text during repository discovery (CVE-2019-14825)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For detailed instructions on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.6/html/upgrading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts

Affected Products

  • Red Hat Satellite 6.6 x86_64
  • Red Hat Satellite Capsule 6.6 x86_64

Fixes

  • BZ - 1111223 - Removing a lifecycle environment from a capsule does not cause repos to be removed from
  • BZ - 1152515 - [RFE] Dependency Resolution within content views + associated UI constructs.
  • BZ - 1163020 - [RFE|TRACKER] Add systemd journal/systemd support
  • BZ - 1194093 - [RFE] Update puppet provisioning snippet & installers to support sha256
  • BZ - 1336439 - [RFE] Set Network Interface Type when creating new VMs in RHEV Compute Resource
  • BZ - 1378579 - Deploying a New Host to vmware compute resource from existing template always ends up with thin provisioned disk
  • BZ - 1402136 - [RFE] Provide method to add arrays and hashes as input values for Global parameters in hostgroups
  • BZ - 1465521 - [RFE] API to cancel/delete Remote Execution tasks before their scheduled time
  • BZ - 1490850 - [RFE] Need a way to mark a build as failed
  • BZ - 1503426 - DynFlow logo in DynFlow console is missing
  • BZ - 1505932 - [RFE] Show "Static Query" in Job invocations overview
  • BZ - 1559006 - [RFE] Allow selecting destination Storage Domain and storage allocation [thin / clone-independent] when provisioning from RHV template, a la VMware
  • BZ - 1561876 - qdrouterd crashes when burst of requests arise from katello-agent clients
  • BZ - 1591629 - [RFE] Satellite should support SCAP reports without the need of puppet installed on hosts
  • BZ - 1593480 - IndexContent step can take 20+ minutes during initial sync of a large repo
  • BZ - 1596411 - [RFE] Advanced support of Modularity
  • BZ - 1601602 - [RFE] Use chronyd instead of ntp in provisioning templates on RHEL systems
  • BZ - 1608712 - [RFE] the hammer ansible plugin cannot filter imported ansible roles
  • BZ - 1609371 - The dynflow scheduling mechanism can cause tasks initiated later to be executed sooner, leaving older tasks waiting
  • BZ - 1612800 - [RFE] Option to specify filter_host_parents and exclude_hosts_parents on Satellite web UI virt-who configuration.
  • BZ - 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
  • BZ - 1630548 - Available repositories from repository-set are incomplete or missing
  • BZ - 1634755 - [RFE] Add smart parameters alike feature to Ansible integration
  • BZ - 1643649 - Sequential Actions::Katello::Host::Update calls from subscription-manager can fail under load
  • BZ - 1644201 - satellite-installer waits for qpidd service status, not for qpid listening on port 5671
  • BZ - 1646814 - CVE-2018-16470 rubygem-rack: Buffer size in multipart parser allows for denial of service
  • BZ - 1649944 - Virt-who Configurations page on the Red Hat Satellite WebUI shows status as "No Report Yet" even with the updated hypervisors list and the working configuration.
  • BZ - 1650641 - [RFE] disable auto-reload of the dashboard
  • BZ - 1651389 - Red Hat Satellite 6.4 upgrade fails with error Validation failed: Name has already been taken at db:migrate stage
  • BZ - 1653293 - Advanced (scoped_search) search in the Manage Errata page
  • BZ - 1658265 - [RFE] virt-who-configure-plugin should set 'NO_PROXY=*' by default.
  • BZ - 1658284 - [RFE] Allow virt-who-configure plugin to have additional interval options
  • BZ - 1658318 - [RFE] Foreman-debug should gather virt-who data.
  • BZ - 1658553 - Cannot add new disk to VM when using image based to provision
  • BZ - 1659979 - Unable to add Google Cloud Platform as compute resource to Satellite.
  • BZ - 1671274 - [RFE] Support CNV as the virt-who resource
  • BZ - 1671318 - [RFE] The CV exported tar should have minor version of Content View.
  • BZ - 1672706 - candlepin's CertificateRevocationListTask does not scale well for 2M+ certificates
  • BZ - 1673447 - Capsule sync planning in foreman-tasks sometimes takes too long
  • BZ - 1679225 - Unable to build VM with bootdisk option using hammer-cli-foreman
  • BZ - 1679300 - Unable to Change Host Location via Hammer
  • BZ - 1684573 - [RFE] Rebase Ansible to 2.8 for Satellite 6.6
  • BZ - 1686514 - Full Host ISO generated with 0 byte size init ram disk with on demand download policy kickstart repository
  • BZ - 1687543 - [RFE] - Need a way to add headings in Virtual Machine View
  • BZ - 1687801 - pxeboot images not downloading - Error -3 while decompressing: incorrect header check
  • BZ - 1690070 - publishing/promoting large docker repos in a content view can take a long time
  • BZ - 1690204 - [RFE] merge the upstream Foreman Userdata plug-in into Satellite
  • BZ - 1691074 - [RFE] Satellite should be able to sync Fedora 30, ignoring zChunk data.
  • BZ - 1691443 - [RFE] Ship default role with permissions for ansible inventory callback
  • BZ - 1698148 - [RFE] Satellite 6 should pass through SWID information in any repositories it is syncing
  • BZ - 1698178 - [RFE] Allow the use of Ansible Runner instead of Ansible
  • BZ - 1698182 - [RFE] Remove foreman docker
  • BZ - 1703476 - No syncable repositories found for selected products and options. (RuntimeError)
  • BZ - 1705099 - Regeneration of ueber certificate is causing optimized capsule sync to perform force full sync every time.
  • BZ - 1706265 - Update from 6.5 to 6.6 is broken due to dependency issue
  • BZ - 1706267 - fg: no job control in post scriptlet while installing satellite 6.6
  • BZ - 1706274 - Error on accessing red hat subscription, red hat repository and module stream page
  • BZ - 1706277 - katello-certs-check output prints foreman-installer / katello/foreman-proxy-certs-generate on Satellite 6.6
  • BZ - 1706296 - uninitialized constant ForemanOpenscap::VERSION while creating new scap policy
  • BZ - 1706721 - Installer still shows 6.4 to 6.5 version to upgrade existing capsule
  • BZ - 1706743 - Candlepin service FAIL to start after satellite-change-hostname
  • BZ - 1707157 - RHEL 8 with iPXE fails due to Deprecated Options used
  • BZ - 1709761 - capsule-certs-generate shows output with foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule
  • BZ - 1712554 - Red Hat Insights inventory broken for large environments after upgrade to Red Hat Satellite 6.5
  • BZ - 1712889 - Capsule certificate generation command was failing due to the absence of the certs-update-all parameter.
  • BZ - 1712985 - Installation of Red Hat Satellite 6.5 or Red Hat Capsule 6.5 server fails when ipv6 is disabled.
  • BZ - 1713103 - Unable to do image based provisioning with Cloud Init and VMware
  • BZ - 1713248 - Hammer hostgroup create fails with 'The selected content source and lifecycle environment do not match'
  • BZ - 1713274 - Missing rpms in erratum pkglist when an erratum appears in multiple enabled repos
  • BZ - 1713802 - Every capsule sync causes importers/distributors to get updated making an optimized capsule sync a full sync
  • BZ - 1714234 - some pages have blue menu (like upstream) instead of black/gray one (like downstream have)
  • BZ - 1714604 - Puppet certs not getting signed automatically on provisioned host
  • BZ - 1715898 - Disk space check during mongo storage upgrade to wiredtiger failing and dropping database
  • BZ - 1716877 - enabled repository does not show under 'Enabled Repository' view without refreshing the page
  • BZ - 1716900 - The ACL /var/lib/qpidd/.qpidd/qpid_acls.acl gets removed with certain procedures
  • BZ - 1717069 - Unable to retrieve gpg_keys through Capsule
  • BZ - 1717248 - Satellite 6.5 Unable to provision new VMs on VMWare if datacenters are in a folder
  • BZ - 1717883 - [RFE] Add logs about tasks state changes
  • BZ - 1718009 - Add more default items to the default facts filter list: partitions*, mountpoints*, disks*
  • BZ - 1718889 - [RFE] Improve the Tasks page - Dashboard
  • BZ - 1720200 - REST API-based DNS conflict check
  • BZ - 1721055 - Hourly scheduled sync plan executed every minute on upgraded Satellite VMs (6.4.z to 6.5 GA).
  • BZ - 1722475 - Cannot configure foreman_scap_client on host via puppet
  • BZ - 1722713 - Unable to import content view when there are more than 20 of enabled repositories in the target Satellite
  • BZ - 1723733 - Connection error for EC2 CR not rescued correctly
  • BZ - 1724064 - [RFE] Show Console output for an instance created using GCE
  • BZ - 1724739 - [RFE] Provide default custom-hiera.yaml tuning templates for Satellite 6
  • BZ - 1725250 - Mismatches for organization and location on production environment and domain
  • BZ - 1725289 - undefined method `lookup_values' for nil:NilClass while creating host with foreman_scap_client ansible role
  • BZ - 1727320 - satellite login page branding lost with snap 10
  • BZ - 1727927 - Applying errata through remote execution doesn't work
  • BZ - 1728289 - Host selection is ignored with bulk actions when applying errata via remote execution
  • BZ - 1728306 - [Discovery] 'Create Host' and 'Customize Host' buttons not functioning in Quick Provision dialog
  • BZ - 1729049 - Listing all hosts in an organization takes a long time when there are a lot of reports.
  • BZ - 1729130 - CVE-2019-10198 foreman: authorization bypasses in foreman-tasks leading to information disclosure
  • BZ - 1729149 - CVE-2019-10198 tfm-rubygem-foreman-tasks: Authorization bypasses when accessing task details [rhn_satellite_6-default]
  • BZ - 1729153 - Lifecycle Environments does not show details of associated CV/Repositories/Errata/packages, etc.
  • BZ - 1730397 - [Hammer] The discovered hosts provision fails with error 'resource have no errors'
  • BZ - 1730668 - CVE-2019-14825 katello: Registry credentials are captured in plain text in dynflow task during repository discovery [rhn_satellite_6-default]
  • BZ - 1731112 - Discovered hosts stuck when attribute set is missing
  • BZ - 1731639 - Export to csv button on sub tasks page won't work
  • BZ - 1732066 - checksum-type is not updated on an already synced repository at Satellite Capsule.
  • BZ - 1732601 - production.log does not log the request-id in registration calls
  • BZ - 1737488 - [Satellite 6.6.0 Snap14] Some unwanted exception dumps during yum update in the cleanup phase (in Capsule upgrade).
  • BZ - 1739367 - Satellite 6.5.2 refuses to register hosts that were previously "pre-registered" via the API
  • BZ - 1739485 - CVE-2019-14825 katello: registry credentials are captured in plain text during repository discovery
  • BZ - 1739712 - Multiple NIC orchestrations are not orchestrated
  • BZ - 1744515 - Virt-who reported hypervisors tasks are failing with exception (undefined method `[]' for nil:NilClass)
  • BZ - 1746166 - Installer fails when using signed certificate on the initial install
  • BZ - 1746175 - Adding a 2nd disk type of storage_pod/datastore_cluster fails to create vm
  • BZ - 1746581 - Gem loading error when enabling infoblox plugins
  • BZ - 1747177 - Allow registration when host is unregistered and DMI UUID has changed - Error: This host is reporting a DMI UUID that differs from the existing registration
  • BZ - 1747654 - Upgrade to 6.6 failed at foreman-rake db:migrate - undefined method `searchable_value='
  • BZ - 1750846 - Unable to load audits page - undefined method `abstract_class?' for Object:Class
  • BZ - 1751384 - Setting to toggle host profile stealing
  • BZ - 1752256 - Clicking on any tab from Left Navigation panel not working
